RHSA-2018:2181

Affecting gnupg2 package, versions <0:2.0.22-5.el7_5

Report new vulnerabilities
high severity
Do your applications use this vulnerable package? Test your applications

Overview

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es): * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE
RHSA-2018:2181
Snyk ID
SNYK-CENTOS7-GNUPG2-340401
Published
22 Jul, 2018